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(57) A system and method for providing protection 
of content stored on a bulk storage media (100) is dis- 
closed. The technique for providing protection from 
unauthorized utilization of the content so stored is pro- 
vided publicly in order to allow for those utilizing a con- 
forming media device to master or generate content 
protected according to the present invention. Various 
ways in which to protect content are disclosed including 



verification of the authenticity of a particular media, uti- 
lization of an accepted list of media play-back devices 
(205) and their corresponding published public keys in 
order to securely pass media content keys thereto, and 
utilization of an external contact (314) to provide media 
content keys and/or updates of accepted media play- 
back devices. 
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Description 

TECHNICAL FIELD OF THE INVENTION 

[0001] The present invention relates to protection of content stored on a bulk storage media and more particularly to 
a system and method for providing controlled utilization of the stored content through the use of public keys stored upon 
the media itself. 

BACKGROUND OF THE INVENTION 

[0002] Currently there are various schemes in place for providing controlled or secure access to content recorded on 
bulk media. However, these schemes often suffer disadvantages in requiring that the schemes themselves be kept 

" secret in order to maintain security. Accordingly, the schemes may be implemented only by trusted parties in order to 
maintain the secret. Likewise, these schemes often rely on the total secrecy of cryptographic keys used by the scheme, 
as publication of such a key may result in loss of security for all or multiple parties using the scheme. 

" [0003] For example, DVD media, currently only protected for video content, utilizes a two part scheme: a crypto- 
graphic key for decrypting information recorded on the media is produced according to a predefined protocol and stored 
according to that protocol on a limited access potion of the media, and a cryptographic technique, also defined by the 
protocol, is utilized to securely pass that key to a play-back entity. Accordingly, in order to produce either a media device, 
i.e., media player, or media itself, there must be understanding of the whole scheme, i.e., how it works. Furthermore, 
there must be access to the keys, that have been predefined by this scheme, themselves. There must be a globally held 
secret among all of the people who produce players and all the people that produce media. Here, the security lies in 
keeping secret how the cryptographic keys are made and how the messages, i.e., the passing of the keys, are 
encrypted. If the protocol itself were revealed then all content, regardless of the particular entity which pro- 
duced/recorded it, becomes compromised because, if the protocol were common knowledge, rogues could generate 
and/or intercept keys capable of decrypting protected content. Any compromise of the system will compromise all sys- 
tems and media at the same time. 

[0004] Additionally, as the media content key associated with the protected content is stored on the media itself, the 
above described scenario relies on all parts of the system honoring the security of the key. Therefore, an illegally 
designed media reader could pass the content key through to a device or entity which is not authorized to receive that 
key. Likewise, an illegally designed media reader could duplicate the raw data of the media, including the encrypted 
content and media content key stored thereon, on a second media and thus create an unauthorized copy conforming 
to the protocol described above. However, a media reader provided according to this scheme will prevent such unau- 
thorized access/activity and, therefore, provide security because not all the raw data will be available. In particular the 
sectors where keys are hidden will not available on any consumer product because all of these products are produced 
under licenses providing that if the scheme is used, the device shall not allow particular operations. 
[0005] Accordingly, for the system to provide protection to the content, the media decryption key stored on the media 
is read by a media reader, i.e., DVD disk drive, only in proper circumstances, i.e., an authorized play-back device 
requests the media content key according to a preestablished protocol, and thereafter, provided in encrypted form for 
communication to the play-back device. In this scheme, the media content key is passed after a key exchange is done 
such that when the key is handed from the media reader to the play-back device it is done encrypted. I.e., the play-back 
device would send its encryption key to the media reader, the media reader would read the media content key from the 
media, encrypt the media content key with the play-back device's encryption key, and pass this encrypted version of the 
media content key to the play-back device where it may be decrypted with the play-back device's (secretly held) decryp- 
tion key for use of the media content key in accessing media content as provided by the media reader. 
[0006] For example, in a host computer (here the play-back device) coupled to a DVD disk drive (the media device) 
via the computer's bus structure, information communicated between the computer and drive is exposed easily to 
rogues, or "hackers," and probing. Therefore, the media content key is passed over this bus only when it has been 
obscured by a key established through a key exchange between the drive and the host computer. However, in a stand 
alone player, where the media reading mechanism and the video play-back device are in one box, and the connection 
between them is somewhat secure, then such a key exchange and/or encryption of the media content key may be omit- 
ted in favor of decrypting the data directly internally. 

[0007] The way this scheme is implemented, the media reader itself, as it may access the media content key, must 
honor the scheme and refuse to access the content key for unauthorized purposes. Likewise, as the play-back device 
is provided the content key. so too must the play-back device honor the protection scheme. However, in addition to rely- 
ing on the security of the individual keys, details of the operation of the above described scheme itself, such as where 
and in what format content keys are written and the algorithm for conducting key exchanges, we kept secret in order to 
avoid the unauthorized retrieval/interception of keys and, therefore, compromising the security provided. Additionally, 
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with the current scheme if an entity is able to generate legitimate protected media, that entity is also able to make illegal 
copies of other media as the secrets of the scheme must necessarily been revealed to this entity in order to allow the 
generation of legitimate protected media. 

[0008] Accordingly, the protocol for encryption of the data and the generation of keys is only revealed by license, i.e., 
5 only trusted manufacturers of content and devices which read, write, or otherwise utilize this content are provided with 
the secrets of the protocol, and then only under the terms of a license agreement restricting use and dissemination of 
this secret information. Very few people or entities we able to obtain such a license, and its attendant secrets, in order 
to provide content and/or devices adapted in the nature of the protocol. As such, general content providers, such as 
small entities or entities providing content for internal or limited use, cannot protect their work as they have no way of 
10 recording such a key to the media in a secure manner that prevents illegitimate copying/utilization of protected content 
while allowing legitimate generation of secure disk. Therefore, there is no process that one can publicly use to generate 
- such keys and, therefore, there is no process for those other than the licensed entities to record protected content com- 
patible with this scheme. 

[0009] A further need exists in the art for providing access to content with alternative techniques for security such as 
is secure passing of keys stored on the media, communication with an external authorization center, and verification of 
the authenticity of the media. 

■ [001 0] A need therefore exists in the art for a technique providing secure access to the content of mass media which 
may be utilized by a great number of individuals and entities without risk of compromising security. 

20 - SUMMARY OF THE INVENTION 

[001 1 ] These and other objects, features and technical advantages are achieved by a system and method utilizing a 
technique, which itself is public, where only the individual keys used thereby need remain private. In order to be availa- 
ble to all desiring the protection of such a system, the rules for generating keys suitable for use according to the present 
25 invention are preferably public. As the technique itself, as well as the rules for generating cryptographic keys to be uti- 
lized therewith, are public, the present invention allows for its use by all those so desiring. Moreover, as it is the crypto- 
graphic keys themselves, or portions thereof, which are maintained securely in order to provide security according to 
the present invention, rather than relying on the secrecy of the technique for their use. compromise of the secret infor- 
mation will result in only a content provider using that particular key having access to content compromised. 
so [0012] The present invention operates to provide protection in addition to the limited access of content through the 
use of cryptographic keys. Specifically, the present invention is able to securely identify a piece of media as being an 
original. Likewise, the present invention is able to securely identify a play-back device as being authorized. Accordingly, 
devices or users of the media may be assured that interaction therewith is authorized as each end can securely identify 
the other and each end can securely send data to the other end. 
35 [001 3] Operation of the present invention is not to allow or disallow any particular transmission, but rather to obscure 
the content (information or data), using cryptographic methods, such that only a legitimate recipient can make use of 
that data, i.e., nobody but the content owner, or those authorized by him/her. is able to copy protected media content. 
To this end, the present invention utilizes public key algorithms well known in the art to provide cryptographic keys use- 
ful according to the present invention. However, the present invention provides a unique system and method for man- 
40 aging and utilizing these cryptographic keys. 

[0014] Preferably, as in the above described prior art system, the media reader or disk drive (media device) honors 
the technique of the present invention. For example, through licensing of media device manufacturers, it may be 
ensured that these devices honor the technique. Therefore, sensitive information, such as the aforementioned content 
key, may be stored on the media without substantial fear that such information will be publically disseminated. Prefera- 
bly, media devices unaware of the scheme will not crack it. i.e., a drive that can read/write raw the standard areas won't 
copy the copy protection information provided in a secured area Accordingly, any attempt at violating the technique of 
the present invention, such as to read sensitive information stored on the media, is either unable to perform the tech- 
nique at all, i.e., is unable to instruct a media reader to access restricted areas of the media, or if the device allows 
improper utilization there is a legal remedy available. 

[0015] However, unlike the prior art system, where the scheme itself is secret, the present invention does allow the 
public at large to generate their own protected content without requiring license to the technology or requiring any 
secret information that they do not themselves generate. This is because the only secrets in the present technique are 
the keys themselves and, thus, allowing the rules for generating the keys to be public. Accordingly, media devices may 
be adapted to allow for limited access to secure areas of the media in order to provide for mastering of content protected 
55 by the present invention. This allows anyone to be able to generate their own protected media. 

[001 6] According to the present invention, a public/private key pair is used where the private key is known only by the 
manufacturer or content provider for provision only to select, or authorized, decoders or play-back devices. Therefore, 
each individual device, sets of associated devices, or manufacturers devices may utilize a different private key known 
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only to these devices. Likewise, in a preferred embodiment, a different content key would be known by each piece of 
media, which if compromised only presents a security risk for that media 

[001 7] However, the media, or the media device operating therewith when the media is strictly a passive device, needs 
to know the play-back device's public key. As long as the media is guaranteed that the public key does in fact belong to 
a particular owner, i.e., is authentic and is associated with an approved or authorized device, the system is secure. 
Accordingly, the owner or manufacturer of the play-back device is, in fact, best off not by keeping that public key a 
closely held secret but by broadcasting it to world. This public dissemination of the public key decreases the chance of 
a rogue fraudulently distributing a public key as belonging to an approved or authorized entity. For example, company 
X publishes a public key widely identifying itself as the source, it is much more difficult for company 2 to latter fool the 
o public into believing that a subsequent public key is company X s public key. Therefore, in the preferred embodiment, 
the public keys of approved play-back devices are actually published on the media. 

[0018] By publication of the play-back device's public keys, the present invention not only operates to securely trans- 
' mit information, but also provides for securely identifying either or both ends, i.e., the media and/or the play-back device, 
as being legitimate. Accordingly, any information storage scheme providing an area that is fully readable and an area 

5 providing controllable or restricted access may be utilized according to the present invention. 
- [0019] Unlike the aforementioned prior art scheme, there is no widely held secret, i.e., the play-back providers and 
the media generation providers all having to know how the whole scheme works, including the values for the keys. As 
the only parts of the present invention that are secret are the private keys themselves, no secrets need to be shared 
among parties. Accordingly, each manufacturer, whether a manufacturer of media or devices operable therewith, can 

o keep their own secrets. Moreover, these secrets may be kept such that the true secrets are known only by very few peo- 
ple, in such a way that actually nobody knows the true secret where, for example, the secret is embedded and shipped 
via random generation which is then destroyed before it is ever noted, or in a hidden away where, for example, certain 
persons are provided partial information with respect to the keys and some plurality thereof are needed to reconstruct 
the key. Moreover, as these private keys may be embedded within circuitry useful in encrypting/decrypting information 

s according to the present invention, the private keys may not even be revealed to any party. 

[0020] In an alternative embodiment, rather than storing the content key in an area of limited access on the media, 
for retrieval by the media device and subsequent transmission to the play-back device, the key is securely stored by the 
media which actively operates to securely transmit this key to the play-back device without ever disclosing the key to 
the media device. Accordingly, the active component utilized for hiding this key not in the media device or disk drive. 

o Instead, it is a portion of the media, such as an electronic circuit including a processor and memory operating under 
control of an internal algorithm. Therefore, the content key, which is stored on the media within the aforementioned 
memory, may be hidden and, preferably utilizing the public key of the play-back device passed through the media device 
to the play-back device without its ever being revealed to the media device. Though the above mentioned secure iden- 
tification of the play-back device, the active media of this alternative embodiment may be assured that the media key is 

5 not revealed to unauthorized entities. Alternatively, the fact that the content key is encrypted using a public key associ- 
ated with an authorized play-back device provides confidence that it may only be used by that play-back device barring 
a security breach of the private key. 

[0021] Another alternative embodiment of the present invention utilizes an external source to acquire a content key, 
such as for "pay-per-view." Accordingly, rather than a content key stored on the media, an identifier string, such as may 

o be used to authenticate the media, may be stored for provision to an external source, utilizing public key encryption 
according to the present invention, in order to acquire a content key useful with the desired content. 
[0022] Additionally, or alternatively, contact with the external source may provide up-dated information with respect to 
authorized decoders or play-back devices suitable for use with the media. For example, a list of authorized public keys 
may be up-dated by such communication in order to allow a media device to securely provide a content key to a 

5 decoder not originally included as an authorized decoder. 

[0023] A technical advantage of the present invention is that a technique known to the public, and therefore available 
for use by the public, may be utilized to prevent useful copying of protected content. 

[0024] A further technical advantage of the present invention is that playability is allowed in both dedicated players 
and computers, as well as providing for the play-back in later authorized devices. 

o [0025] A still further technical advantage of the present invention is provided in its ability to protect both video infor- 
mation and computer information. Moreover, such protection may include interaction with an external authorization 
center, such as pay-per-view techniques, via such commonly available communication networks as phone or Internet 
[0026] The foregoing has outlined rather broadly the features and technical advantages of the present invention in 
order that the detailed description of the invention that follows may be better understood. Additional features and advan- 

5 tages of the invention will be described hereinafter which form the subject of the claims of the invention. It should be 
appreciated by those skilled in the art that the conception and specific embodiment disclosed may be readily utilized as 
a basis for modifying or designing other structures for carrying out the same purposes of the present invention. It should 
also be realized by those skilled in the art that such equivalent constructions do not depart from the spirit and scope of 
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the invention as set forth in the appended claims. 



RRIFF DESCRIPTION OF THE DRAWINGS 

5 [00271 For a more complete understanding ol the present invention, and the advantages thereof, reference is now 
made to the following descriptions taken in conjunction with the accompanying drawings, in wNch: 

FIGURE 1 illustrates a media system adapted according to a preferred embodiment of the present invention; 
FIGURE 2 illustrates a flow diagram of recording a disk including content protected according to a preferred 
io embodiment of the present invention; 

FIGURES 3A through 3C illustrate a f tow diagram of the use of content protected according to a preferred embod- 
iment of the present invention; and 

FIGURE 4 illustrates a flow diagram of the operation of an external authorization center according to a preferred 
embodiment of the present invention. 

DESCRIPTION OF THE INVENTION 

[0028] In understanding the concepts of the present invention it is helpful to refer to a specific embodiment wherein 
the present invention is utilized. Accordingly, described herein is an embodiment where the present invention is utilized 
with bulk media storing information suitable for use by digital systems, such as digital video information commonly 
stored on DVD optical disks. However, it shall be appreciated that the present invention is not so limited and may in fact 
be utilized with any information storage scheme providing an area of secure or restricted access to the contents therein. 
[0029] Directing attention to FIGURE 1, a system adapted according to the present invention is shown including 
media 100 media device 110, and play-back device 120. Media 100 includes unprotected storage area 102, providing 
general access to information stored therein, and protected storage area 101, providing secure or restricted access to 
information stored therein. In a preferred embodiment, protected storage area 101 is a predetermined area of media 
100 which media devices honoring the technique of the present invention will not provide access to the information 
therein except according to the present invention. In an alternative embodiment, protected storage area 101 is an active 
area i e includes autonomous control over the data stored therein, such as through the use of a processor unit and 
associated control algorithm, which itself will not provide access to the information therein except according to the 

present invention. . . 

[0030] Also shown in FIGURE 1 is media device 1 10, which may be for example an optical or magnetic disk drive, 
adapted to accept media 100 and interact therewith, such as to read and/or write information. Media device 110 
includes interface 1 13, which may be a magnetic head or laser and photo diode combination for example, adapted to 
interface with media 100 to allow interaction between media device 110 and media 100. Interface 113 is coupled to 
processor 1 1 1 which, in addition to receiving information as provided from media 100 through interface 1 13 and provid- 
ing information through interface 113 to media 100. operates to control the operation of interface 113. For example, 
where media 100 is a disk, such as is well known in the art, controller 1 1 1 may provide motion control of interface 113 
in order that physical blocks and sectors of media 100 may be accessed as desired. 

[0031 ] Also coupled to processor 1 1 1 is memory 112. Memory 1 1 2 may provide any number of functions with respect 
to the operation of media device 110. For example, memory 1 12 may store a control program utilized by processor 1 1 1 
in operation such as in performing the above mentioned motion control of interface 1 13 as well as to operate according 
to the present invention. Additionally, memory 112 may buffer information passed between play-back device 120 and 
media 100 as well as provide an environment for active functions of media device 110 such as the handling crypto- 
45 graphic keys and/or their encryption for secure transmission. 

[0032] Play-back device 120 of FIGURE 1 is coupled to media device 1 10 through bus 130 to comprise player 150. 
Included within play-back device 120 is processor 121 which, in addition to receiving information as provided from 
media 100 through media device 110 and providing information through media device 110 to media 100, operates to 
disseminate and/or accept the information communicated with media 100. For example, processor 121 may operate to 
so play information recorded on media 1 00 to a monitor (not shown) attached to play-back device 1 20. Likewise, processor 
1 21 may operate to accept information to be recorded on media 1 00 from a user interface (not shown) attached to play- 
back device 120. JX 
[0033] Also coupled to processor 121 is memory 122. Memory 122 may provide any number of functions with respect 
to the operation of play-back device 120. For example, memory 122 may store a control program utilized by processor 
55 121 in operation, such as to operate according to the present invention. Additionally, memory 122 may buffer informa- 
tion passed between play-back device 120 and media 100 as well as provide an environment for active functions of 
play-back device 1 20 such as the handling cryptographic keys and/or decryption of media content provided to play-back 
device 120 Accordingly, processor 121 and memory 122 may operate as a decoder suitable for utilizing the content of 
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media 100. 

[0034] Bus 130 coupling media device 110 and play-back device 120 may be an unsecured bus, such as a personal 
computer (PC) input/output (I/O) bus where media device 1 10 is a disk drive and play-back device 120 is a PC. How- 
ever, both media device 110 and play-back device 120 may be disposed within a substantially secure environment, thus 
providing some security to bus 130, such as where player 1 50 is an integrated unit as is the case for television top DVD 
players. In such an embodiment processor 1 11 of media device 1 10 and processor 121 of play-back device 120 may 
be provided as a single processor. Likewise, memory 1 12 of media device 110 and memory 122 of play-back device 
120 may be a single memory. 

[0035] Optional communication device 140, coupled to clearing house 170 through public switched telephone network 
o (PSTN) 160, is shown in FIGURE 1 coupled to play-back device 120. Communication device 140 may be utilized to 
update information stored within play-back device 1 20 or media device 1 1 0, such as lists of authorized decoders and/or 
their associated public keys, as well as to authorize particular transactions between play-back device 120 and media 

- 100, such as to provide for n pay-per-view" service. Although shown coupled directly to play-back device 120, commu- 
nication device may be coupled elsewhere in the system, such as to media device 110, if desired. Likewise, although 

5 shown as providing communication with clearing house 1 70 through PSTN 160, such communication may be provided 

- through any number of communication links such as a local area network (LAN), a wide area network (WAN), the Inter- 
net, a cable system, a satellite system, or the like. 

[0036] As described above, preferably protected storage area 101 of media 100 is an area which provides secure or 
limited access to information stored therein. For example, in a preferred embodiment of the present invention, protected 

o storage area 101 is a predefined area of the media, such as a first or final sector of the usable area of the media, to 
which media device 1 10 does not provide general access. This restricted access to protected storage area 101 may be 
provided by the agreement of the manufacturer of media device 1 10 to honor the technique of the present invention. 
[0037] Alternatively, restricted access to protected storage area 101 may be provided by altering media device 1 10 to 
enable access to a portion of standardized media not physically or generally possible to be accessed by typical prior 

5 generation media devices and, again, limiting access thereto by media device 1 10 by agreement of the manufacturer 
to honor the technique of the present invention. The latter mentioned alternative provides additional security for the 
information of protected storage area 101 in that media devices not specifically adapted to operate according to the 
present invention are physically prevented from access. However, a disadvantage to this alternative is that media pro- 
tected according to the present invention would not be suitable for use in such non-conforming media devices. 

? [0038] In an alternative embodiment of the present invention protected storage area 1 01 is an active portion of media 
100, such as may be provided by a processor and associated memory. Accordingly, information, such as cryptographic 
keys utilized according to the present invention may be stored therein and provided externally only upon select condi- 
tions. Accordingly, reliance upon a media device honoring the present technique may be avoided and instead replaced 
with secure active portions of the media itself. As such, the provision of cryptographic keys, or other sensitive informa- 

5 tion, may be passed through the media device to an authorized play-back device without revealing this information to 
the media device or its ability to use such secrets. Therefore, it shall be appreciated that, although discussed below with 
respect to a media device preforming these functions, the active portion of the media itself may in fact perform the func- 
tions. 

[0039] Such an active portion of media 100 may be provided an interface to interact with media device 110 and/or 
o play-back device 120 through electrical connections such as may be provided at a center hub portion of the media (hub 
103 of FIGURE 1) disposed to couple with complementary connections disposed within media device 1 10. Of course, 
such an embodiment requires not only adaptation of media 100, but also media device 11 0 in order to provide operation 
according to the present invention. Alternatively, media 100 may be adapted to include a surface area having active 
components disposed thereon adapted to provide interaction with media device 110 according to the media device's 
? unaltered media interface. For example, where media 100 is a magnetic media, protected area 101 may include cir- 
cuitry, similar to the coils of a magnetic read/wright head disposed along a sector or track of media 100, controllable to 
provide magnetic patterns readable by media device 1 10 and to receive magnetic patterns written by media device 110 
to communicate selected information there through according to the present invention. Likewise, where media 100 is 
an optical media, protected area 101 may include circuitry, such as light emitting diodes and photo diodes disposed 
? along a sector or track of media 100, to provide optical patterns readable by media device 110 and to receive optical 
pattern written by media device 110. 

[0040] The active portion of media 100 may be provided in components such as integrated circuits, or "chips," con- 
taining the public key algorithms. Accordingly, these circuits may have embedded in them the private key, which may 
never be available externally because the chip never reveals it. The basis of public key/private key encryption is that 
J only if the private key is known, information can be decrypted with the corresponding public key. Therefore, there is no 
need to ever know the private key. The presence of the authentic private key may be verified by generating a random 
number, encrypting it with the public key, sending the encrypted information to the chip, allowing the chip to decrypt the 
random number using the private key, and again encrypt the random number using the private key. If the random 
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number is presented by decrypting the returned encrypted string with the public key, there must be a valid private key 
utilized within the chip. 

[0041] It shall be appreciated the above exchange of a random number may be utilized in validating either end of a 
communication. Moreover, only one encryption/decryption cycle need be completed to prove the recipient has a key 
5 corresponding to the issuers key. However, the reencryption of the decrypted random number provides a high level of 
confidence that the recipient did not simply guess the correct random number. 

[0042] It shall also be appreciated that, although the use of random numbers is described herein, other information 
may be utilized in such verification and the below mentioned information disguising techniques. For example, particular 
patterns of information, such as time and/or day information may be used. Likewise, particular information run through 
10 a hash or other algorithm to uniquely alter the data may be used. Of course, the more "randonVor unpredictable the 
data so used is, the less likely that it may be guessed by the recipient. 

[0043] In another alternative embodiment, protected area 1 01 is not a discrete portion ol media 1 00, but rather is infor- 
mation provided in a secured fashion within the unprotected area of media 100. For example, information which is to be 
protected, or provided limited access, according to the present invention may be disbursed throughout unprotected area 

75 102 in a manner such that its recovery is impossible or unlikely except to devices operating according to the present 
invention. Accordingly, in an embodiment of the present invention, information stored in protected area 101 is encoded 
. as errors in the information stored in unprotected area 102. These errors are predetermined to be correctable, such as 
through CRC error correction algorithms known in the art, in order to provide error free utilization of the information 
stored in unprotected area 102. However, the placement of such errors and/or particular patterns of the errors are uti- 

20 _ lized to encode the information of protected area 101. Such an embodiment may be utilized to prevent unauthorized 
copying as a system providing anything other than a raw data copy will likely used the CRC algorithms to "correct" those 
errors prior to their being written on the copy. 

[0044] It shall be appreciated that, although described above in the alternative, the embodiments of providing pro- 
tected area 101 may be combined For example, portions of the information of protected area 101 may be stored 
25 according to different ones of the above embodiments. Likewise, all the information of protected area 101 may be pro- 
vided in multiple ones of the embodiments, such as to provide maximum compatibility with media devices and/or play- 
back devices. 

[0045] Having described embodiments tor the storage of protected information, reference is now made to the below 
table for an understanding of a preferred embodiment of information stored in protected area 101. Preferably, all values 
30 are recorded in Little Endian format- 



Offset 


Size 


Name 


0 


128 


1024 bit media key (h) 


128 


128 


Reserved 


256 


128 


1024 bit media key (e) 


384 


128 


Reserved 


512 


4 


Decoder Key File CRC 


516 


12 


Reserved 


528 


8 


Disc Key 


536 


8 


Reserved 


544 


1 


SCMS count 


545 


1 


Encryption Type 


546 


1 


Public Key flags 


547 


1 


Region Code 


548 


2 


Number of Key Extents 


550 


26 


Reserved 


576 


N_K*8 


Key Extents 
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[0046] The media key (n), preferably a 1024 bit key, and media key (e), also preferably a 1024 bit key, we each one 
half of the media public key. Generation of this key and its use will be described in detail below. 
[0047] Preferably, the media will have a list of decoders, identified through the Public Key flags of the preferred 
embodiment, that the author has deemed acceptable for use with the media. Accordingly, the Public Key flags indicate 
which public keys, associated with authorized decoders, the drive is allowed to use to send Disc Keys. If the bit is set, 
as shown in the table below, the drive will allow to the Report Key command to return the Disc Key encrypted with the 
corresponding public key. 



3 



Bit 


Description 


0 

2-6 
7 


The public key in the key sector shall be valid for reporting the Disc Key. 
Reserved 

Public Keys not listed elsewhere are acceptable. 



The public keys indicated as allowable by the Public Key flags are preferably stored on the media itself as indicated by 
the Key Extents of the preferred embodiment Preferably each entry of the Key Extents is a pair of 32 bit unsigned irrte- 
? gers. The first integer specifies a sector number of an authorized decoder key and the second integer specifies a byte 
count of that decoder key. The Number of Key Extents contains the number of extents that contain the key file. On read- 
only media, this number is preferably one. 

[0048] According to the present invention, an author or provider of content may review the products of companies X, 
Y and Z to determine if they have guaranteed that their product does not compromise the material that is to be pro- 

5 tected. If it is determined that the way in which companies X and 2 have protected their information, the content provider 
records public keys for X and Z on the media as authorized decoders and/or play-back devices and sets the Public Key 
flags accordingly This list of public keys may be the only one utilized in passing a content key from the media to a play- 
back device and, thus, only these approved decoders or play-back devices will be able to utilize the content key. 
Although described as the only devices authorized, it shall be appreciated that below is described a method for updat- 

? ing this list to allow for inclusion of later approved or developed devices. 

[0049] In operation, the play-back device will request the media key encrypted for use with a particular decoder, i.e. 
X. The drive will look for X as an acceptable key, as indicated in the Public Key flags, and, utilizing the Key Extents to 
locate and retrieve the proper public key, encrypt the media key accordingly to send it along. 

[0050] As these keys of the authorized decoders are their public keys, there is no need to record them secretly on the 
j media. Accordingly, the preferred embodiment of the present invention records these keys within unprotected area 1 02. 
However, as the proper presence of such a public key will be utilized to allow useful play-back of content, it is preferred 
that these keys are provided in a read only (or write once only) area of the media in order that the list is not altered to 
include a rogue key. 

[0051] Additionally, in order to provide protection of the keys, and therefore the decoders, utilized with a particular 
? media and its content, Decoder Key File CRC, preferably CRC 32 of all of the decoder keys, is utilized to detect tamper- 
ing with these keys. Accordingly, if one were to edit or alter the decoder key file or the key extents, the CRC will not be 
correct for the altered file. In the preferred embodiment Decoder Key File CRC is 4 bytes but could be extended, for 
example to as much 1 6 to utilize other message digest algorithms such as MD5. 

[0052] The Disk Key as stored in the secure area may be used in an application specific manner. For example, in 
j some cases it may be used to encrypt/decrypt content, i.e., content key. Public key encryption is typically not desirable 
for a significant quantity of data because public key encryption is extremely slow and processor intensive, accordingly, 
the above mentioned public key algorithms may be used to transfer a key for a symmetrical encryption system, such as 
DES or a IDEA or any number of other algorithms wherein the key must remain secret at each end. However, in other 
cases the Disk Key may be an identification string or information utilized by an external source in authorizing use of the 
7 content of the media. Use of the Disk Key in such cases is described in detail below. Regardless of the actual form of 
the Disk Key, preferably its contents are never to be made available unencrypted. Preferably, the Disk Key field is 8 
bytes which is sufficient to hold a 56 bit DES key. 

[0053] The SCMS count is preferably used by writeable drives to determine if copies are allowed. If copies are 
allowed, the SCMS also provides information with respect to how many generations of copies are allowed. Preferably, 
5 the SCMS count is decremented upon the completion of an authorized copy by a media device. For example, the fol- 
lowing sequence could be used to copy a protected disk: 

(1) Insert the original disk. 
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(2) Host instructs the drive to "Read Secure Area." If the allowed copy count field is zero, the drive generates an 
error. 

(3) Drive caches information from the secure area (it is preferably NOT returned to the host). 

(4) Insert a blank disk. 

(5) The host instructs the drive to "Write Cached Secure Area." 

(6) The drive decrements the allowed count field and writes the sector to the disk. 

[0054] Encryption Type is preferably a flag indicating suggested usage as shown in the table below. Accordingly, in 
the preferred embodiment, commands to implement all cases will work in all cases as these commands do not change 
their behavior if different Encryption Types are selected. For example, a disk originally designed for Standard Video can 
use the same sector data with the Standard ROM identification technique. Another use is to use the pay per view tech- 
nique to allow playback on decoders not originally included on the media. 



75 





Encryption Type 


Description 




0 


Standard Video 




1 


Pay per use 


20 


80h 


Standard data 



[0055] The Region Code indicates in which regions the disk is to be allowed to be used. Each bit preferably corre- 
sponds to a region. . . 
[0056] According to a preferred embodiment of the present invention, all passing of encrypted information fits in the 
SFF 8090 Send Key/Report Key structure. Accordingly, key type codes as set forth below are preferably utilized. The 
Key Type specifies the type of encryption used on the disk. 



Key Type 


Description 


Oh 


Disk is encrypted according to CSS. 


1h 


Disk is protected by the technique of the present invention. 


2h 


Reserved 


3h 


Reserved 



40 The below descriptions are for Key Type 1 (key types of the present invention). 

[0057] For operation according to the preferred embodiment of the present invention, the SFF 8090 Report Key is as 
follows: 



7 6 


5 4 3 2 


1 0 




0 


Operation Code (A4h) 


1 


LUN (Obsolete) 


Reserved 


Key Type 


2 
3 
4 
5 


LBA 


6 


Key Source 
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(continued) 



7 


Reserved 


8 


Transfer Length 


9 


10 


AGID 


Key Format 


11 


Vendor Specific 


Reserved NACA Flag Link 



where the Key Source and Key Type fields are new, allowing for multiple schemes to exist in the command space. 
[0058] Preferably the Key Source specifies the source of the Disk Key as set forth below: 



Key Source Value 


Key Source 


Description 


OOh 


generated 


Disk Key is all zeroes 


01 h 


generated 


Disk Key is the current random number. 


02h 


Media 


Disk Key is the temporary Disk Key. Initialized to zero upon AGID grant. 


04h 


Media 


Disk Key is recorded in key sector 


08h 


Media 


Disk Key is encoded as DSV exceptions . 


10h 


Media 


Disk Key is encoded as ECC exceptions 


20h 


Media 


Disk Key is in user data space 


40h 


Media 


Disk Key is in the sector header of the key sector 


80h 


Media 


Disk Key is in the border zone 



Typically, only one or two bits are expected to be set. If two bits are set, one will usually be the current random number. 
In a preferred embodiment, if more than one bit is set, the Disk Key is the XOR of all requested keys. 
[0059] The Key Format defines the type of key requested. The preferred definitions for Key Format are as set forth in 
the table below. 



Key Format 


Description 


0 


Request AGID. Regenerate the random number for the AGID. (common to all Key Types) 


1 


Report Disk Key encrypted with most recent Public Key sent. 


2 


Report Media Public Key 


3-3Eh 


Reserved 


3Fh 


Report the Key Types on the medium (common to all Key Types) 



Send Key: 
[0060] 



Key Format 


Description 


1 


Send current public key. 



<EP 0978839A1 J_> 



10 



EP 0 978 839 A1 



(continued) 



Key Format 


Description 


2 


Send Disk Key. The drive shall store this value as the temporary Disk Key for the current AG ID. 



[0061] Having described the information provided in a secured area of the media according to the present invention, 
a preferred embodiment ol the storage of this information to the media will be described with reference to FIGURE 2. 
Shown in FIGURE 2 is a preferred embodiment of the mastering or creation of a media recorded and protected accord- 
ing to the present invention. 

10 [0062] At step 201 prime number p and q are chosen. Preferably p and q are each 512 bit primes. Of course, larger 
or smaller primes may be utilized according to the present invention depending upon the desired level of difficulty 
desired in breaking any cryptographic keys generated therefrom. 

[0063] At step 202 one half of the public key (e) is chosen such that e is relatively prime with respect to (p-1) x (q-1). 
As described below e and n each comprise one half of the public media key of the preferred embodiment of the present 
is invention. The value n is derived from the relationship n = p x q . Accordingly, secured content (s), decryptable only 
through use of a corresponding private key, may be derived from clear content (c) through the relationship: 

Spu b =c e modn 

20 ,and clear text contents (c) may be derived from secured content (s), encrypted through the use of a corresponding pri- 
vate key, may be derived through the relationship: 

c=s pvt e modn 

25 [0064] At step 203 one half of the private key (d) is computed to satisfy the relationship: 

1=d emod(p-1)(q-1) 



As with the public key above, n is utilized as the remaining half of the private key. Accordingly the secured content (s) 
30 encrypted utilizing the public key above may be decrypted to provide clear content (c) according to the relationship: 

c=s pub d modn 

and secured content (s) decryptable only through use of the above described corresponding pubic key may be derived 
35 according to the relationship: 



[0065] At step 204 the Disk Key k is generated. As described above, this key may be a cryptographic key, such as a 
40 symmetric key conforming to the DES standard, utilized in encrypting and decrypting the content of media 100 provided 
in unsecured area 1 02, i.e., a content key. Alternatively. Disk Key k may be identification information utilized in identify- 
ing the particular media or content, such as to an external source of clearing house for provision of a proper decryption 
key or other information useful in utilizing the content of media 100. 

[0066] At step 205 a list ofacceptable users," or decoders and/or play-back devices authorized to utilize the content 
45 of the media, is compiled. This list of acceptable users preferably includes both the identification of such users as well 
as their public keys. 

[0067] At step 206 the values of p, q, e, and k, as well as the list of "acceptable users" and other miscellaneous infor- 
mation, such as content information for an external source, are provided to a media device operable according to the 
present invention. It shall be appreciated, as secure area 101 of the present invention is preferably only accessible 
so through restricted access, that only when these parameters are provided in accordance with the proper operation of the 
present invention will a conforming media device accept and record this information on media 100. Therefore, in the 
preferred embodiment the prime factors p and q must be provided to the media device, rather than the value n, in order 
to establish that the provider is actually the originator of the keys utilized. 

[0068] Accordingly, at step 207, the media device computes n from the values of p and q provided thereto. If a rogue 
55 has been able to intercept the values e and n, such as through unauthorized access to secured area 101 of media 100. 
a media device operating according to the present invention will prevent a useful unauthorized copy being made as 
either no values for p and q will be available or the rogue will be unable to select values suitable for use with the portions 
of the key previously generated. 
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[0069] At step 208 the media device records n, e, k, and the list of acceptable users on to media 100 within secure 
area 101 . it shall be appreciated that, although discussed with respect to the media device providing restricted access 
to the secured area, as described above the present invention may utilize a portion of media 100 having intelligence 
disposed therein, such as a small chip set interfaced with the media device as described above. Accordingly, storage 
of this information may be through interaction with such an intelligence associated with the media rather than relying on 
the media device to restrict access and to perform operations such as the aforementioned computation of the value n. 
[0070] At step 209 it is determined whether the particular implementation of the present invention includes the 
encrypting of content to be stored in unsecured area 102 of media 100. If no encryption of this content is desired, i.e. 
encryption is utilized for media authentication only, then operation proceeds to step 214 wherein the content is recorded 
o to media 100. 

[0071] However, if encryption of this content is desired, then operation proceeds to step 210 wherein a determination 
is made as to whether the implementation is to utilize information provided from an external source, such as a clearing 
" house utilized in providing "pay-per-view" services. If information from an external source is not desired, operation pro- 
ceeds to step 212 wherein the content key is set to the disk key. 

5 [0072] If information from an external source is to be required in order to utilize the content of media 100, operation 
- proceeds to step 211 wherein the content key is selected at random, or by any other appropriate method. It shall be 
appreciated that the content key of step 21 1 is provided to the clearing house, or other external agent, in order to pro- 
vide for the later use of the content of media 100. However, this key is not stored on media 100, thus requiring contact 
with the clearing house for use of the content. 

o [0073] Regardless of whether an external source is to be utilized or not, the content to be stored within unsecured 
area 102 may be encrypted with the content key (step 213) and recorded to media 100 (step 214). Accordingly, both 
steps 211 and 212 proceed to step 21 3 for encryption of the content with the content key. 

[0074] Having described in detail the mastering of a disk according to a preferred embodiment of the present inven- 
tion, reference is now made to FIGURE 3 wherein the utilization of content provided according to the preferred embod- 

5 iment of the present invention is shown. 

[0075] At step 301 the play-back device requests the encryption type of media 100. In response the media device 
reads the encryption type from the media (step 302). It shall be appreciated that, although shown above in the preferred 
embodiment as being recorded in the secure area of the media, the encryption type information may be stored any- 
where upon the media, if desired. 

o [0076] At step 303 a determination is made as to whether encryption is utilized with respect to the content of the 
media. If it is determined that no encryption is utilized then operation proceeds to step 326 in order to determine if disk 
authentication is utilized according to the present invention. 

[0077] However, if it is determined that encryption is utilized to protect the content, then at step 304 a determination 
is made as to whether the encryption is "standard." If it is determined that encryption utilized to protect the content is 

5 other than standard, operation proceeds to step 314 associated with the use of an external source in the utilization of 
content as described in detail below. If the encryption is standard, operation proceeds to step 305 wherein the list of 
"acceptable users" is requested. Thereafter, at step 306 the media device reads the list of "acceptable users** from the 
media and provides this information to the play-back device. The play-back device generates a list of content targets, 
i.e., decoders available thereto, at step 307. 

o [0078] At step 308 a determination is made as to whether any of the content targets available to the play-back device 
match those included in the list of "acceptable users" authorized to operate with the particular media. If no match is 
found, operation proceeds to step 314 associated with the use of an external source in the utilization of content, in order 
that an updated list of "acceptable users" may be utilized, such as by communicating information when coupled to the 
clearing house such as a list of public keys for which it is acceptable to work with. Accordingly, if a new decoder is built 

5 or authorized after a particular media is published, the new decoder public encryption key scheme may be used through 
communication with a third party provider to get the authorization to use a new decoder. 

[0079] For example, the media device may establish communication with a clearing house and identify itself to the 
service provider, such as through the use of one of the acceptable keys on the list being that of the person who owns 
the content itself, i.e., the media public key. Accordingly, the media device honoring the technique of the present inven- 

o tion is allowed to pass the disk key to this content provider using this public key provided on the media possibly accom- 
panied with a request to the host, either protected or not, identifying a decoder upon which play-back is desired. In 
receiving a legitimate disk key encrypted with the content provider's public key, the content provider may have a high 
level of confidence in this being a legitimate disk and, therefore, may send back an authorized public key for the partic- 
ular decoder, or a list of authorized public keys, encrypted with the private key corresponding to the content provider's 

5 public key found on the media. The media device is then able to decrypt that list with this key. 

[0080] In the preferred embodiment, the retrieval of an authorized key is automatically performed when a suitable 
authorized key is not found on the media, as is provided in the steps outlined above. However in an alternative embod- 
iment, the up-dating of the authorized decoders is performed in maintenance cycle, such as may be performed at pre- 
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determined intervals, such as at night or periods of non-use of the player. 

[0081] If a match is found as between the "acceptable user list and the list of content targets available at the play- 
back device, then at step 309 a request for the content key is sent identifying the matching "acceptable user." At step 
310 the requested "acceptable user" is validated against the list of "acceptable users" and, provided it is indeed a 

5 match, the disk key, here the content key, is read from the media (step 311) and encrypted with the public key of the 
matching "acceptable user" (step 312). Thereafter this encrypted disk key is provided to the play-back device decoder 
at step 313 to allow meaningful use of the content recorded thereon and operation according to the present invention 
is concluded. It shall be appreciated that, as the disk key is encrypted utilizing the public key of the particular decoder, 
that only this device may actually decrypt the content of media 1 00 even if a rogue were to emulate the above preceding 

w steps. 

[0082] If it is determined that encryption utilized to protect the content is other than standard (step 304) or if none of 
the decoders available to the play-back device are included in the "acceptable users" list (step 308). a determination is 
made as to whether external contact information is present on the media (step 314). This contact information may be 
recorded in unsecured area 1 02, as the particular clearing house contacted may provide a cryptographic key necessary 
is in utilizing the content of media 100 which may not be defeated by fraudulently directing, i.e., surreptitiously recording 
- contact information on media 1 00, a media device and/or play-back device operating according to the present invention 
to a rogue external contact. Moreover, as information provided from the clearing house is preferably encrypted utilizing 
"the private media key, i.e., d and n discussed above, a rogue clearing house will not be able to provide a proper 
response unless this private key is acquired. 
20 [0083] If, at step 314, it is determined that no contact information is present i.e., there is no available external source 
- of information for utilizing the content of media 100, then operation according to the present invention is concluded. 
However, rf it is determined that contact information is present, then operation proceeds to step 315 where a determi- 
nation is made as to whether the content key to be retrieved from the external source is to allow unlimited use of the 
content or a single use. 

25 [0084] If only a single use is to be allowed of the content, i.e., a user must request a content key each time the content 
is to be utilized, such as might be desirable where a fee for use is desired to be extracted for each such use. operation 
of the present invention proceeds to step 316. At step 316 a request is made for an encrypted result of the disk key 
XORed with a random number. Accordingly, at step 317, the media device generates a random number, i.e.. a unique 
value which is chosen at random for use according to the present invention and which is held only for a period of time 

30 sufficient to complete this one iteration of the present invention. At step 318 the disk key is XORed with the random 
number and, thereafter, at step 319 the XORed disk key is encrypted with the public media key. 
[0085] However, if unlimited use is to be allowed of the content, i.e., the content is to be unlocked permanently with 
respect to a particular play-back device upon the payment of a single fee or a verification of an authorized copy of the 
media, or where the information to be provided by the clearing house is "authorized user" up-date information, opera- 

35 tion of the present invention proceeds to step 320. At step 320 a request is made for an encrypted disk key. This request 
may include transmission of a private cryptographic key or other means by which the returned data packet may be fur- 
ther protected in order to present someone with the public media key for intercepting the returned data packet and 
decrypting its contents. Thereafter, as described above, step 319 encrypts the disk key with the public media key. 
[0086] It shall be appreciated that, in the alternative to the play-back device determining whether one time or unlimited 

40 use is to be allowed, the media device of the present invention may make this determination, such as through reference 
to information stored on media 100, for example within a reserved area of secure area 101 . Accordingly, rather than the 
decision presented at step 315, the play-back device may request a disk key and the media device XOR that key with 
a random number rf one time use is to be provided or XOR that key with zero (0) if unlimited use is to be provided. 
[0087] At step 32 1 a list of the decoders available to the play-back device, as well as information identifying the media. 

45 are appended to the encrypted disk key. It shall be appreciated that the information identifying the media may be stored 
on the media either within the secured area, such as one of the reserved areas described above, or within the unse- 
cured area, and may be provided from the media for inclusion accompanying the encrypted disk key such as at step 
319. 

[0088] The information identifying the media, the list of available decoders and the encrypted disk key are provided 
so to the clearing house at step 322 and a response therefrom is awaited, ft shall be appreciated that this information 
packet may be provided to the clearing house from the player utilizing a communication device such as the aforemen- 
tioned modem coupled via a public switched telephone network or the Internet. Of course other means by which data 
communication may be accomplished which are well known in the art or may later be developed may be utilized accord- 
ing to the present invention. 

55 [0089] The clearing house receives the data packet from the player and preferably operates according to the embod- 
iment described with reference to FIGURE 4 described below. Accordingly, a content key suitable for use with the con- 
tent of media 100 is returned to the player, preferably encrypted utilizing the private media key described above. 
[0090] At step 323 the response from the clearing house is provided to the media device where it is decrypted using 
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the public media key (step 324). As described above, a random number is utilized in the one time use embodiment of 
the present invention. This random number is utilized by the clearing house to XOR the content key for provision to the 
player. As such a rogue may not simply capture the data packet returned from the clearing house for later re-submission 
to the player for repeated use of the content as the random number, discarded after a single iteration of the present 
invention, is required by the media device in extracting the content key. Moreover, someone in possession of the media 
public key will not be able to decrypt the data packet and retrieve the content key without also knowing the random 
number. Accordingly, at step 324, where the single use embodiment is utilized, the information decrypted is XORed with 
the random number to reveal the content key an/or other information provided thereby. 

[0091] At step 325 the media device may store the content key for repeated use, where allowed and/or may store a 
o new or updated "acceptable user" fist for subsequent use. Alternatively, or additionally, where the content key provided 
by the clearing house is useful in unlocking the media for multiple uses, i.e., the key is not XORed with a random 
number retained only for a single iteration of the present invention, the play-back device or other host may memorize 

- the data packet for subsequent provision to the media device at the appropriate time. 

[0092] Although described with respect to up-dating an "acceptable user" list, it shall be appreciated that the present 
s invention may operate to indicate particular ones of the decoders identified as authorized by the Public Key flags and/or 

- Key Extents which are no longer acceptable for use according to the present invention. For example, where a particular 
private key has been compromised, the up-date information received from the clearing house may indicate one of the 
public keys may no longer be used. Accordingly, a check against such a "revoked" list may be performed, such as at 
step 306, to disallow the use of such private keys. 

o [0093] Operation proceeds to steps 305 through 313 as described herein above. However, it shall be appreciated that 
where the content key is provided in the data packet from the clearing house, i.e., pay-per-view, step 311 operates to 
utilize this content key rather than the disk key stored on the media. Likewise, where external information is utilized to 
update the "acceptable user" list, the information at step 306 includes the up-dated information provided by the clearing 
house. It shall be appreciated that the content key and/or up-dated "acceptable user" list information acquired from the 

5 clearing house may be stored within media 100 if desired. However, as unauthorized recording of this information may 
be utilized in avoiding the protection offered according to the present invention, recording of this information on the 
media is preferably done within the secure area. 

[0094] If it is determined that no encryption is utilized to protect the content of media 100 (step 303) a determination 
is made as to whether disk authentication according to the present invention is to be utilized (step 326). If no disk 
o authentication is utilized, then operation according to the present invention is concluded and the play-back device uti- 
lizes the content of media 100 accordingly. 

[0095] However, if disk authentication is utilized, at step 327 the play-back device generates a random number. There- 
after, the play-back device encrypts this random number with the private media key (step 328). The encrypted random 
number is communicated to the media device at step 329. Thereafter, the media device decrypts the random number 

5 utilizing the public media key stored in the secure area of media 100. 

[0096] The play-back device requests that the random number be XORed with the disk key stored within the secure 
area of media 100 (step 331). In response, at step 332, the media device XORs the random number with the disk key. 
The media device then encrypts the result of the XORed random number and disk key with the media public key and 
provides this data packet to the play-back device (step 333). The play-back device decrypts the XORed random number 

o and disk key utilizing the private media key (step 334) and XORs this decrypted information with the random number 
(step 335). 

[0097] At step 336 a determination is made as to whether the disk key obtained from the media according to the above 
steps matches an expected or known disk key. If there is a match, the media is authentic, i.e., a simple copy of the infor- 
mation provided within unprotected area 1 02 has not been performed. However, if there is no match of the disk key, then 

5 the media is not authentic. 

[0098] Although the above preferred embodiment describes the use of standard encryption, external authorization, 
and media authentication in a single embodiment it shall be appreciated that any combination of these techniques may 
be utilized. For example, where a pay-per-view only device is utilized, only those steps associated with external author- 
ization need be provided such a system. Similarly, where it is not anticipated that media authentication will be utilized, 

o devices may be adapted to include only those steps associated with standard encryption and external authorization. 
[0099] Directing attention to FIGURE 4 a preferred embodiment of operation of the clearing house in response to a 
request by a player is shown. At step 401 the clearing house receives the data packet of step 322 from the player. The 
data packet is decrypted utilizing the private media key corresponding to the public media key stored on media 100 
(step 402). At step 403 the particular media is identified using information within the received data packet. It shall be 

5 appreciated that the clearing house may identify the particular media through available information which does not 
expressly identify the media! For example a particular public key may provide sufficient identification of the media. Like- 
wise, information gleaned from the communication, such as a uniform resource locator (URL) or automatic number 
identification (ANI) of the requesting player may be utilized according to the present invention. 



14 



Z\D: <EP 0978839A1_I_> 



EP 0 978 839 A1 



[0100] At step 404 the random number generated by the media device is recovered by the clearing house by XORing 
the decrypted disk key and random number XORed by the media device with the disk key as known by the clearing 
house. This random number is utilized to XOR the content key, to be utilized by the play-back device in meaningful use 
of the encrypted content of media 100, for provision to the player. An "acceptable user" list, or up-date thereof, may be 

£ appended to the information to be provided to the player at step 406. Thereafter, the information to be provided to the 
player is encrypted using the private media key (step 407) and communicated to the player (step 408). 
[0101] Preferably, file system information of the media is not encrypted. However, the data within files may be 
encrypted with the content key. Accordingly, a control file preferably indicates which files are encrypted and which are 
not. This allows protected and freely distributable information to coexist on the same media, thus enabling selected con- 

io tent to be protected, such as movies, while allowing unprotected distribution of other content such as promotional trail- 
ers. 

[01 02] In the preferred embodiment, the encryption sequence is restarted for each sector of the media. This maintains 

the sector addressability of the media and allows for random access of the content provided thereon. 

[0103] As described above, a media device operating according to the present invention allows for the producing of 
is protected content by providing for the authorized writing of information within the secure area. However, to prevent such 
* access to the secure area from enabling rogues to alter legitimately mastered media, writing to this area is performed 
.by providing the two prime numbers that are the factor of the media key (n). The disk key is provided encrypted with the 

private key corresponding with the public key sent. The media device multiplies the two primes and record the product 

in the media key (n) field. The media device does not need to verify that the input numbers are prime. A user can gen- 
20 erate insecure keys, but cannot reproduce a secure key. The disk key will be obtained for recording upon the media by 
"the media device by decrypting it using the public media key computed from the primes p and q. 

[0104] Accordingly, authoring a protected disk is possible, as the author has the primes. An illegal copy operation will 

not succeed because the key cannot be written without knowing the corresponding prime factors. Even if a user obtains 

the keys, he will not be able to record them. 
25 [0105] Commercial writing may be accomplished as described above. However, for further protection, the 1024 bit key 

may either be a prime itself or the product of two primes in which one of the primes is larger than 512 bits. This would 

prevent copying the key with a consumer level product even if the key could be factored. 

[0106] It shall be appreciated that the present invention may be implemented upon a dedicated player by the dedi- 
cated player reading the disk key from the secure area. If pay-per-view is supported, the dedicated players may imple- 

30 ment the public key protocols as described above. 

[0107] Additionally, it shall be appreciated that the present invention may also be implemented upon a computer sys- 
tem. However, a ROM drive, such as typically found in computer systems, performs no decryption of data delivered via 
its host interface. Preferably, MPEG decoder based decryption is utilized, such that decryption is performed by the 
MPEG decoder using the key provided by the drive. In order to maintain protection of the content, the MPEG decoder 

35 should not deliver the content to any interface that allows recording. 

[01 08] It shall be appreciated that, although the above example has been discussed with respect to a DVD formatted 
bulk storage device, the techniques described herein may be utilized with any number of such bulk storage devices. For 
example, the techniques of the present invention may be utilized with CD ROM formatted bulk storage devices with only 
simple differences as to where the secure area is hidden and how it was marked as not readable and how the disk key 

40 is hidden. 

[0109] Additionally, it shall be appreciated that according to the preferred embodiment of the present invention, as 
shown above, no unique host or drive identifier is available or required. This is allow for changing hardware due to 
upgrades or failure. 

[0110] Although the present invention and its advantages have been described in detail, it should be understood that 
45 various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the 
invention as defined by the appended claims. 

Claims 

so 1 . A method for preventing unauthorized utilization of content stored on a storage media (100), said method compris- 
ing the steps of: 

storing first information on the media (208), wherein said first information is stored within a controlled access 
portion of the media (101). and wherein said first information includes information wit respect to at least one 
$5 authorized media utilization device: 

storing second information on the media (208), wherein said second information includes a cryptographic key 
of said at least one authorized media utilization device; 

storing user content on the media (214), wherein said user content is stored within an open access portion of 
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the media (102); 

determining if a particular media utilization device is an acceptable media utilization device to provide said user 
content to (308), wherein said determination is at least in part made through reference to said first information; 
and 

enabling said particular media utilization device to utilize said user content at least in part by communicating 
information thereto encrypted with said cryptographic key of said second information associated therewith 
(313) rf said particular utilization device is determined to be acceptable at said determining step. 

2. The method of claim 1 , further comprising the steps of: 

determining if said content information is encrypted (303); 

determining if encryption of said content information utilizes an external contact for decryption (314); 
establishing communication with an external contact (322) having information useful in enabling said particular 
media utilization device to utilize said user content if said encryption of said content information is determined 
) to utilize an external contact; and 

retrieving said information useful in enabling said particular media utilization device to utilize said user content 
(323), wherein said information communicated to said particular media utilization device by said enabling step 
includes at least a portion of said retrieved information. 

) 3. The method of claim 1, wherein said step of determining if a particular media utilization device is an acceptable 
- media utilization device comprises the steps of : 

reviewing said first information (308) for an indication that said particular media utilization device is an accept- 
able media utilization device; 
j determining if external contact information associated with the media is available (314); 

establishing communication with said external contact (322) if said external contact information is determined 
to be available; and 

retrieving information supplemental to said first information (325) with respect to determining if a particular 
media utilization device is an acceptable media utilization device. 

4. The method of claim 1 , wherein said step of storing said first information comprises the steps of: 

providing parameters with respect to said first information in a predetermined format (206); and 
deriving at least a portion of said first information from said parameters (207), wherein said parameters said 
> portion of said first information is derived from are discarded derivation of said portion of said first information. 

5. The method of claim 1 , wherein said controlled access portion of the media is intersperse in a predetermined man- 
ner within said open access portion of said media. 

) 6. The method of claim 1 . wherein said controlled access portion of the media is an active portion of the media. 

7. A method for preventing unauthorized utilization of content stored on a storage device (1 00). said method compris- 
ing the steps of: 

? storing first information on the storage device (208), wherein said first information is stored within a controlled 

access portion of the storage device (101), and wherein said first information includes a public cryptographic 
key; 

storing user content on the storage device (214), wherein said user content is stored within an open access 
portion of the storage device (102); 
? validating a particular device operable with said method as acceptable for use with said method (308, 326), 

wherein said validating step utilizes at least a portion of said first information; and 

enabling utilization of said user content (313) if said particular device is validated as acceptable at said validat- 
ing step. 

» 8. The method of claim 14, wherein said validating step comprises the steps of: 

encrypting information with a private cryptographic key corresponding to said public cryptographic key of said 
first information (328); and 
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decrypting said information encrypted with said private cryptographic key corresponding to said public crypto- 
graphic key of said first information with said public cryptographic key of said first information (330). 

9. The method of claim 14, further comprising the step of: 

storing second information on the media (208), wherein said second information includes a cryptographic key 
of said at least one authorized media utilization device. 

10. A system for providing protected content on a bulk storage device (100), said system comprising: 

a storage device providing information storage capacity (1 00), wherein at least a portion of said storage capac- 
ity is identified as restricted access storage capacity (101) and at least a portion of said storage capacity is 
identified as open access storage capacity (1 02); and 

a processor (111) operating under control of an instruction set, wherein said instruction set defines conditions 
under which access to said restricted access storage capacity is authorized, and wherein at least a storage 
device public key and information with respect to a plurality of acceptable play-back devices are stored in said 
restricted access storage capacity under control of said processor in accordance with said instruction set. 
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